Role Description:

●    Incident Response: Actively participate and provide support in all phases of security incident response, including tracking, stakeholder communication, remediation, and recovery

●    Alert Triage & Investigation: Perform Level 2 triage of incoming incidents, providing initial assessment of priority, determining incident nature and risk, and appropriately routing security or privacy data requests

●    Deep Dive Analysis: Conduct comprehensive incident response analysis leveraging expertise in cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors

●    Tool Proficiency: Utilize Splunk SIEM and support forensic tools to monitor, investigate, and correlate security events

●    Reporting & Documentation: Ensure all incident details are accurately entered into the incident tracking system

●    Develop detailed incident report during and after incidents, outlining mitigation, recovery, and operational return-to-normal actions

●    Record and report all incidents in adherence to Federal and department policies

●    Create and track network incidents and investigations through to closure

●    Stakeholder Coordination: Coordinate with reporting entities (e.g CISA) to fully understand event details and facilitate effective communication with stakeholders

●    Operational Guidance: Serve as key personnel for Incident Management, providing coordination, task assignment, and process guidance for incident response events

●    SOP Adherence & Escalation: Strictly follow established SOPs, policies, and procedures for timely escalation and notification of Federal leadership and reporting

●    Remediation & Recovery: Actively participate in the remediation and recovery of incidents generated by live threats against the enterprise

●    Control Optimization: Review, revise, and recommend enhancements to technical, process, and physical security controls

●    Defensive TTP Development: Develop and implement defensive cyber best practice tactics, techniques, and procedures to strengthen our security posture.

●    Mentorship: Manage assigned investigations, ensuring active progress and assist Tier 1 analysts as needed to resolve investigations

 

Required Qualifications & Education:

●    Bachelors in science in Computer Science, Information Systems, Mathematics, Engineering, or a related degree OR an additional 2+ years of relevant experience

●    4+ years of Information Technology experience

●    Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.

●    Demonstrate proficiency in the Incident Response Process and SOC operations and a good understanding of threat hunting

●    Good understanding of system log information and where to collect specific data/attributes as required for the Incident Events

●    Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations

●    Experience performing log analysis and reporting

●    Experience creating and tracking investigations to resolution

●    Experience with Endpoint security solutions, including but not limited toWindows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools

●    Understanding of compliance or regulatory frameworks (i.e., FISMA, NIST,ISO)

●    Solid understanding of the application, authentication, network security principles, and operating system hardening techniques

●    General knowledge of cyber-attack frameworks (MITRE ATT&CK andLockheed Cyber Kill Chain)

●    Understanding of Computer Network Defense (CND) policies, procedures, and regulations

●    SIEM monitoring and analysis, analyzing network traffic, log analysis, prioritizing and differentiating between potential intrusion attempts and false alarms

●    Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies

●    Ability to work independently to address and resolve a security incident with minimal supervision

●    Cybersecurity certifications are preferred but not required

Clearance and Location Requirements:

●    Able to be cleared for a Public Trust clearance.

●    This position is currently fully remote.

Washington, DC

Fully Remote

Apply now

Need help? Lets talk.

We're ready to discuss your needs or dive in on your cyber defense journey. Let us know how we can help.

Contact us